@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // 表单登录配置
        http.formLogin(form -> form
            .loginPage("/backstage/admin_login")
            .loginProcessingUrl("/backstage/admin/login")
            .successForwardUrl("/backstage/index")
            .failureForwardUrl("/backstage/admin_fail")
            .permitAll());

        // 权限控制配置
        http.authorizeHttpRequests(auth -> auth
            .requestMatchers(new AntPathRequestMatcher("/backstage/admin_login")).permitAll()
            .requestMatchers(new AntPathRequestMatcher("/**/*.css"), 
                            new AntPathRequestMatcher("/**/*.js")).permitAll()
            .requestMatchers(new AntPathRequestMatcher("/backstage/**")).authenticated()
            .anyRequest().permitAll());

        // 其他配置
        // ...
        
        return http.build();
    }
    
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}